According to their web site Duo allows for the use of HOTP tokens, so
there's probably not much benefit to reverse engineering their proprietary
I think what they mean is that the duo app can support HOTP. i.e. The duo
app can act as a replacement for freeotp or google authenticator. However,
if your organization uses Duo, you are stuck with the duo app for now.